Security Manager

Reporting to the Director, Information Security, the Information Security Manager (Research) will provide leadership and work in partnership with research groups and individuals to understand policies, assess security risk, establish strategic direction and provide direction on priorities. The incumbent will also have an advisory role and provide direct consultation to the Director, Information Security as well as the CIO and VP Research and International. The incumbent will interact with members of the community, more specifically the research community, to continually evolve and ensure compliance with the information security policies and the regulatory environment.

The Information Security Manager (Research) will serve as the subject matter expert for information security on key research security initiatives. This position requires a thorough knowledge of Information Security including access control, cryptography, security operations, communications security, system development and maintenance, computer architecture, information security management, systems security law, investigation protocols, and application program security.

The incumbent provides leadership in the analysis and assessment of the information security elements of the IT environment, provides information security advice and guidance to all stakeholders, and maintains and supports all elements of the information security program. This includes development of procedures and processes for researchers to maximize use of OneDrive for Business, securing research data on mobile devices through the deployment of Microsoft’s Enterprise Mobility Suite, managing the deployment of a portal for researchers to acquire endpoint security software, development of procedures to guide researchers in securing data on hard drives and USB devices, and development of researcher-specific security guidance around the protection of research data. A key component of all work performed is in support of research initiatives. The position may require management of others.

The position is one of 7 direct reports to the Director, Information Security.

Supporting the deployment of OneDrive for Business with a specific focus on the research community

Maturation and operation of the Vulnerability Management Program in support of mandatory compliance with PCI DSS and resolution of audit findings.

The role includes:

Support of the vulnerability alerting service

Performance of Vulnerability Assessments and Penetration Tests

Reporting on Vulnerability Assessment findings and assistance with guidance on remediation of findings

Responsible for the support and configuration of the Security Information Event Management system

Research-specific incident investigations and responses, including reporting to management on the impact to the information systems

Augmenting information security awareness within the research community

Ensuring ITS commit time for service tickets that include review of and approval of firewall rule changes in support of research initiatives

Development and maintenance of departmental processes and procedures related to research

Planning and managing research-related information security projects (including the supervision of technical team members) to implement new technical security controls

Perform other duties as assigned by your immediate manager

Key Must Haves:

A minimum of a Bachelor’s degree (B.Sc.) in computer science, information technology, information management, or a related field. Other education and direct information security experience may be considered.

Six (6) to ten (10) years’ progressive experience in computing and security with Internet technologies and security issues.

Must have a solid understanding of information technology and information security (e.g. firewalls, VPNs, vulnerability assessments, access control and security devices), risk analysis and risk management.

Must also have experience with conducting information security audits and implementing recommended security controls; three (1) to five (3) years of supervisory experience is preferable.